At Fri, 21 Oct 2005 23:01:55 -0700,
Naotoshi Seo wrote:
> I got another trouble. I succeeded to show edit.html, but I could not 
> edit actaully.
> edit.html is an editview page. So, the html has post tag like
> <post action="http://.../messageboardobject/edit.html";>
> Therefore, same traverser trys to receive this posted action, and trys 
> to check password again (actually, and id) to find message object.
> Therefore, I have to pass password and id which was posted before at 
> password.html using hidden field or some ways. Or, I have to specify 
> different page for <post action="">  . I have no idea how editview's 
> post action is working, so I am not sure specifying different page for 
> post action works, though.

I think that would be a different issue, you should separate a plan
from "prohibit visitors from to access edit.html".

ZCML's editform is not flexible, so it is hard to add one more field in
auto-generated form. If you want to do, you may need zope.formlib package.

But I have another idea. We can use session for making stateful application.
then user doesn't need to post his password again.

And this is a little trick make a container to show its content's editform.

from zope.app.session.interfaces import ISession

PACKAGE_NAME = 'your application name'

class MessageEditView:

    def __init__(self, context, request):

        session = ISession(request)[PACKAGE_NAME]

        password = request.get('password')
        if password is None:
            password = session.get('password')

        message = getMessage(context, password) # please implement this:)

        session['password'] = password

        self.context = message # trick1
        self.request = request

    label="Edit Message"
    schema="IMessage"  <------ trick2
    title="Edit Message"

Tahara Yusei
Zope3-users mailing list

Reply via email to